GitHub wants developers to opt for two-factor authentication (2FA)

Microsoft-owned open source software repository Github announced that it will require all users to enable one or more forms of two-factor authentication (2FA) by the end of 2023, including more than 7.2 million developers in India.
GitHub at a IT eventNearly 83 million developers, who contribute code on GitHub.com, will need to enroll in 2FA by the end of 2023, as part of the company’s platform-wide effort to secure the software ecosystem.

“GitHub is committed to making sure that strong account security doesn’t come at the expense of a great experience for developers, and end of 2023 target gives us the opportunity to optimize for this,” Mike Hanley, Chief Security Officer, GitHub, said.

GitHub said developers can expect more options for authentication and account recovery, along with improvements that help prevent and recover from account compromise.

To date, only approximately 16.5 percent of active GitHub users and 6.44 percent of npm users use one or more forms of 2FA.

“On May 31, we will be enrolling all maintainers of the top-500 packages in mandatory 2FA. Our final cohort will be maintainers of all high-impact packages, those with more than 500 dependents or 1 million weekly downloads, whom we plan to enroll in the third-quarter of this year,” GitHub said in a news statement.